My Logs For Unknown Malware?


2 replies to this topic

#1 Chris Jeffery


Posted 05 March 2012 - 01:36 PM

Detailed Problem Description:

I turn my PC on, and everything loads up fine. It's running at the same speed it always does, and doesn't present me with any errors or anything like that, and I can start to use it as normal. But after 5 to 10 minutes (sometimes a little more, but mostly 5 to 10) it starts to do strange things. Here is a list of things that happen (or don't happen, as the case may be!):

  • Google Chrome won't navigate to any pages. It gets stuck "waiting for cache" and won't navigate anywhere. But I can still press all the buttons and icons, and I can still enter addresses and search terms, it just won't go anywhere.
  • The programs I have running already will slowly freeze - not all at the same time, but as I try to do things with them they start to freeze one by one.
  • I can't start any new programs. I can click them on my taskbar, and the icons "light up" like they usually do when I start an application, but they never start and the icon just fades again.
  • My virus protection will open, but it won't scan any files. It won't open or scan anything even before the computer begins to freeze - starting a virus scan actually makes the computer freeze too.
  • Once the computer has gone into its weird stage, I can do CTRL + ALT + DEL, and click Task Manager. Although the icon appears next to the clock, the Task Manager window won't appear. Clicking the icon beside the clock does nothing.
  • If I try and shut down or restart the computer, I can click the buttons to do so, and the bluey screen appears telling me it's logging off, Windows is shutting down, etc., but the computer never actually gets past that stage. It just says it's shutting down but never does; I have to force it to turn off by holding the button down.
  • The final thing I've noticed is that I can't print anything. If I try and print something from say, Microsoft Word, it will just freeze the program rather than printing anything.
So that's what's happening, and it makes the computer unusable, so as you can understand I really want to get it sorted, but I don't know what to do with it. I'd like to point out that everything seems to work fine in Safe Mode.

DDS Log File:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by CJ at 18:29:22 on 2012-03-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.12286.9688 [GMT 0:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Users\CJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CJ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CJ\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.computerplanet.co.uk
uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120304170132.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\CJ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\CJ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{10EBF827-203C-4FBC-8BF3-406672532385} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{10EBF827-203C-4FBC-8BF3-406672532385}\059617575647D275962756C6563737 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{10EBF827-203C-4FBC-8BF3-406672532385}\244584572633D273057375 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{10EBF827-203C-4FBC-8BF3-406672532385}\E4544574541425 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{49115D2D-CAE8-4B8B-8634-27AC6E1CFC55} : DhcpNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120304170132.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO-X64: Norton Safe Web Lite BHO: {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
BHO-X64: Norton Safe Web Lite BHO - No File
TB-X64: Norton Safe Web Lite: {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-10-12 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-20 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-24 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-24 249936]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-24 249936]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-10-12 199272]
S2 MsgPlusService;Messenger Plus! Service;C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-2-14 124832]
S2 NSL;Norton Safe Web Lite;C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2011-10-11 130000]
S2 RealtekSE;RealtekSE;C:\Program Files (x86)\Edimax\PCIE Wireless LAN\RtlService.exe [2011-5-9 45056]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-6-5 386344]
S2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-5-10 2280312]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-5-9 79360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-20 136176]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\1DCD.tmp --> C:\Windows\system32\1DCD.tmp [?]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-03-05 14:52:18 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-05 12:23:03 -------- d--h--w- C:\ProgramData\Common Files
2012-03-05 12:23:03 -------- d-----w- C:\Users\CJ\AppData\Roaming\AVG2012
2012-03-05 12:22:26 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-03-05 12:21:58 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-03-05 12:21:58 -------- d-----w- C:\ProgramData\AVG2012
2012-03-05 12:21:49 -------- d-----w- C:\Program Files (x86)\AVG
2012-03-05 12:19:31 -------- d-----w- C:\ProgramData\MFAData
2012-03-05 10:55:27 6144 ------w- C:\Windows\System32\1DCD.tmp
2012-03-05 10:54:45 6144 ------w- C:\Windows\System32\77BE.tmp
2012-03-04 22:15:23 18816 ------w- C:\Windows\SysWow64\SAVRKBootTasks.sys
2012-03-04 21:35:27 -------- d-----w- C:\Users\CJ\AppData\Local\ElevatedDiagnostics
2012-03-04 21:25:38 6144 ------w- C:\Windows\System32\475F.tmp
2012-03-04 21:25:06 6144 ------w- C:\Windows\System32\C90B.tmp
2012-03-04 21:24:51 -------- d-----w- C:\Program Files (x86)\Sophos
2012-03-04 20:40:50 -------- d-----w- C:\Users\CJ\AppData\Roaming\SUPERAntiSpyware.com
2012-03-04 20:40:50 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-04 17:50:53 -------- d-----w- C:\Users\CJ\AppData\Local\{3BEC4D3C-72A6-4190-93C9-B42720D4E0D2}
2012-03-04 17:13:32 -------- d-----w- C:\Users\CJ\AppData\Local\{6CFDEC8D-95A0-4A85-A6A2-6B2884355C58}
2012-03-04 16:40:06 -------- d-----w- C:\$RECYCLE.BIN
2012-03-04 16:24:45 98816 ----a-w- C:\Windows\sed.exe
2012-03-04 16:24:45 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-04 16:24:45 256000 ----a-w- C:\Windows\PEV.exe
2012-03-04 16:24:45 208896 ----a-w- C:\Windows\MBR.exe
2012-03-03 17:35:37 -------- d-----w- C:\Users\CJ\AppData\Local\{0E9A044F-B709-4377-B263-E33A163B9BC6}
2012-03-03 17:35:14 -------- d-----w- C:\Users\CJ\AppData\Local\{7EFE559C-0D37-4208-ADB0-3F3D4DF05881}
2012-03-03 16:57:12 -------- d-----w- C:\Users\CJ\AppData\Local\{6BB268F1-2C2C-48DB-A6EA-AAF043367851}
2012-03-03 16:56:51 -------- d-----w- C:\Users\CJ\AppData\Local\{BAAFDFE8-65E5-47DB-8FFA-20C085E608D2}
2012-03-03 16:46:12 -------- d-----w- C:\Users\CJ\AppData\Local\{8A90EC99-7DB8-46ED-ADE5-839F18293831}
2012-03-03 16:46:02 -------- d-----w- C:\Users\CJ\AppData\Local\{731448F4-A140-4D4F-92DA-26DFA9DFE3C4}
2012-03-03 16:39:10 -------- d-----w- C:\Users\CJ\AppData\Local\{398F02A8-0DD0-4277-A4A2-26A43FD79B14}
2012-03-03 16:38:48 -------- d-----w- C:\Users\CJ\AppData\Local\{C5B91F5C-48E5-4021-83BF-FA5E207B2E7C}
2012-03-02 12:27:39 -------- d-----w- C:\Users\CJ\AppData\Local\{B2C4A6E7-DDB4-4EA0-ABD4-FAC5E6C1DF9E}
2012-03-02 12:27:28 -------- d-----w- C:\Users\CJ\AppData\Local\{D539116C-DACF-4F31-9C89-F0587BE56D7E}
2012-03-01 23:01:37 -------- d-----w- C:\Users\CJ\AppData\Local\{CE49B513-3F90-4B58-90BA-49E5AABC58CE}
2012-03-01 23:01:16 -------- d-----w- C:\Users\CJ\AppData\Local\{F937689C-35FE-4267-9F32-544B115E77C7}
2012-03-01 21:32:08 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-03-01 21:32:01 -------- d-----w- C:\Program Files (x86)\GamersFirst
2012-03-01 11:01:04 -------- d-----w- C:\Users\CJ\AppData\Local\{0256F214-5746-4C23-A1D7-C0BA7DB37C62}
2012-03-01 11:00:43 -------- d-----w- C:\Users\CJ\AppData\Local\{9B9FD631-4CD8-46F3-AE3A-BBD7B6AC9F3B}
2012-02-28 11:52:07 -------- d-----w- C:\Users\CJ\AppData\Local\{D17447DC-CC54-4DD4-8B66-781E776AF4B3}
2012-02-28 11:51:57 -------- d-----w- C:\Users\CJ\AppData\Local\{32EA5991-283E-40A0-82D5-ECB5D06C25FC}
2012-02-27 12:26:12 -------- d-----w- C:\Users\CJ\AppData\Local\{61C714E6-D32C-4683-8949-84F6F221B0F5}
2012-02-27 12:25:50 -------- d-----w- C:\Users\CJ\AppData\Local\{5FF6B46C-014E-4A9C-8DB2-65E243CE4B82}
2012-02-27 00:25:26 -------- d-----w- C:\Users\CJ\AppData\Local\{19729011-7907-417D-AF99-72B7E8CFA019}
2012-02-27 00:25:05 -------- d-----w- C:\Users\CJ\AppData\Local\{EEEF83CA-38F6-4B64-805A-19D73393BFBD}
2012-02-27 00:03:19 -------- d-----w- C:\Users\CJ\.freemind
2012-02-26 12:24:40 -------- d-----w- C:\Users\CJ\AppData\Local\{3B07ECF9-4EE6-41A8-BF66-54CD27EE137B}
2012-02-26 12:24:28 -------- d-----w- C:\Users\CJ\AppData\Local\{63B98169-37BF-45A4-A3F9-CAAF0C2B9DD6}
2012-02-25 20:13:42 -------- d-----w- C:\Users\CJ\AppData\Local\{8467F17C-C2FB-48A2-A1CA-556D1589B776}
2012-02-25 20:13:30 -------- d-----w- C:\Users\CJ\AppData\Local\{FEA8ABCD-9A72-4BFB-BB7E-9AC3BACB12E8}
2012-02-23 11:15:15 -------- d-----w- C:\Users\CJ\AppData\Local\{7D9F31FE-3D88-47A7-BE93-1640B663B9F0}
2012-02-23 11:15:04 -------- d-----w- C:\Users\CJ\AppData\Local\{E60DA349-3166-485F-B53F-85893FC6FD19}
2012-02-22 14:16:51 -------- d-----w- C:\Users\CJ\AppData\Local\{8EE82C86-3348-40C2-89FF-C4634A098181}
2012-02-22 14:16:30 -------- d-----w- C:\Users\CJ\AppData\Local\{1930AA39-599D-49F7-8B7C-755BDF323A5F}
2012-02-21 15:21:21 -------- d-----w- C:\Users\CJ\AppData\Local\{F0ED20B0-4ECA-427C-9487-D4B56C13A776}
2012-02-21 15:21:08 -------- d-----w- C:\Users\CJ\AppData\Local\{7992952A-3E12-42D7-9752-1175DAEF973C}
2012-02-20 10:52:53 -------- d-----w- C:\Users\CJ\AppData\Local\{2F370CEC-403E-4356-BD6A-0E9568646DCD}
2012-02-20 10:52:31 -------- d-----w- C:\Users\CJ\AppData\Local\{79E55296-1535-4E9C-8D97-25C6CE8D57C5}
2012-02-19 12:37:05 -------- d-----w- C:\Users\CJ\AppData\Local\{707C8308-5788-44ED-8524-2F2ACD29DB48}
2012-02-19 12:36:51 -------- d-----w- C:\Users\CJ\AppData\Local\{4E76D41B-D97D-4B58-8A33-280306F76F7D}
2012-02-17 12:40:07 -------- d-----w- C:\Users\CJ\AppData\Local\{13352E3F-02BC-4728-A27B-21E6F92C9A28}
2012-02-17 12:39:52 -------- d-----w- C:\Users\CJ\AppData\Local\{A4E67183-C314-4100-A111-BAAB787C4E12}
2012-02-16 19:03:04 -------- d-----w- C:\Users\CJ\AppData\Local\{FFF8159C-8466-4249-A02F-02D1496D9A54}
2012-02-16 19:02:50 -------- d-----w- C:\Users\CJ\AppData\Local\{B78CEA0C-2933-4BBB-BDD4-664E83B91236}
2012-02-15 13:50:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 13:50:13 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 13:50:12 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 13:50:12 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 13:50:11 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 13:50:09 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 13:50:03 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 13:50:03 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-15 13:44:40 -------- d-----w- C:\Users\CJ\AppData\Local\{1A61A82B-E7D3-472E-9029-1D97C23C490F}
2012-02-15 13:44:18 -------- d-----w- C:\Users\CJ\AppData\Local\{4A8CCB55-8A33-4F80-95BE-A27BCEFF8F28}
2012-02-14 15:10:58 -------- d-----w- C:\Users\CJ\AppData\Local\{F6532E3F-47B0-42DB-8A5B-E2B2188A3F83}
2012-02-14 15:10:36 -------- d-----w- C:\Users\CJ\AppData\Local\{D99FCF1D-BDD8-4B09-AF4E-64EF318BEE4B}
2012-02-14 03:10:12 -------- d-----w- C:\Users\CJ\AppData\Local\{0AF37878-9003-4C6D-9679-A48E2E888569}
2012-02-14 03:09:50 -------- d-----w- C:\Users\CJ\AppData\Local\{3A355984-8CDF-400A-B761-2B79C5EA7E1D}
2012-02-13 15:09:26 -------- d-----w- C:\Users\CJ\AppData\Local\{01A2103B-E3EA-48FB-AF05-17211A09047B}
2012-02-13 15:09:05 -------- d-----w- C:\Users\CJ\AppData\Local\{1E4FA784-AEE5-4576-9A99-8C82FCEA80C0}
2012-02-12 19:22:46 -------- d-----w- C:\Users\CJ\AppData\Local\twitter
2012-02-12 19:22:23 576536 ----a-r- C:\Users\CJ\AppData\Roaming\Microsoft\Installer\{C5AC39F1-001D-4338-84C6-35109525588A}\TweetDeck.exe
2012-02-12 19:22:22 -------- d-----w- C:\Program Files (x86)\Twitter
2012-02-12 11:45:39 -------- d-----w- C:\Users\CJ\AppData\Local\{2EB433C6-47D9-47EA-8D4E-DF1C33916367}
2012-02-12 11:45:18 -------- d-----w- C:\Users\CJ\AppData\Local\{A41E1AEC-BB42-4DC7-B5B5-7E5D5E374FD9}
2012-02-11 11:25:01 -------- d-----w- C:\Users\CJ\AppData\Local\{0ED1D24F-0E6E-489C-915D-A68E7AE9244D}
2012-02-11 11:24:38 -------- d-----w- C:\Users\CJ\AppData\Local\{47CCBAB2-FEDA-479B-8B3D-40F3D9E2B8B0}
2012-02-10 12:59:34 -------- d-----w- C:\Users\CJ\AppData\Local\{001E8237-C7E1-4E76-8E42-8A3F3F41635C}
2012-02-10 12:59:20 -------- d-----w- C:\Users\CJ\AppData\Local\{B978F7B3-2010-4575-B4E9-FAE764EFFB94}
2012-02-09 21:58:35 -------- d-----w- C:\Users\CJ\AppData\Local\{5D559161-5A7D-42C2-A453-8529D3BE93C4}
2012-02-09 21:58:13 -------- d-----w- C:\Users\CJ\AppData\Local\{ABF756B8-E809-4175-BCDC-59701FF636F2}
2012-02-09 09:58:00 -------- d-----w- C:\Users\CJ\AppData\Local\{48676AF9-4B2B-49FD-89CB-8D0CD9664F10}
2012-02-09 09:57:37 -------- d-----w- C:\Users\CJ\AppData\Local\{C9BC6CE5-84EE-4546-986B-4DB83E3ECDBF}
2012-02-08 13:17:19 -------- d-----w- C:\Users\CJ\AppData\Local\{9A186E2E-1B3B-4BA4-AE9D-1D34BF3E62EE}
2012-02-08 13:17:08 -------- d-----w- C:\Users\CJ\AppData\Local\{2D3785D7-366D-4C66-9787-0AB5CA0C015D}
2012-02-07 11:10:34 -------- d-----w- C:\Users\CJ\AppData\Local\{9CCFB96D-7A24-4FF8-9696-8B8F21723B03}
2012-02-07 11:10:13 -------- d-----w- C:\Users\CJ\AppData\Local\{897FFD75-816E-4069-9F2D-A25BEC4B06E9}
2012-02-06 12:36:48 -------- d-----w- C:\Users\CJ\AppData\Local\{F3CB8247-C7E5-4739-96F2-1D80867D44E5}
2012-02-06 12:36:33 -------- d-----w- C:\Users\CJ\AppData\Local\{1234D403-04E2-4696-9084-08921BEE225A}
2012-02-05 13:05:28 -------- d-----w- C:\Users\CJ\AppData\Local\{AD5671A0-919E-4C92-A061-FE7A2BEEE267}
2012-02-05 13:05:14 -------- d-----w- C:\Users\CJ\AppData\Local\{E9ACF1C3-E20A-45F4-AA04-DA5785477C44}
.
==================== Find3M ====================
.
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-10 15:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-08 15:56:45 270720 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 18:29:35.38 ===============

My Attach.txt file has been attached to this post. I'd like to say thank you for all the help I have been given so far, and very quickly too; it seems like a great, helpful and friendly community here.

Edited by Chris Jeffery, 05 March 2012 - 01:43 PM.


#2 Chris Jeffery


Posted 07 March 2012 - 09:49 AM

This problem has since been resolved. Thanks to everyone for their time and effort. If a moderator could close this topic, that would be great.

#3 Elise


Posted 07 March 2012 - 02:16 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise
